In this past week, on August 23, 2022, The Washington Post reported on a whistleblower complaint made by Peiter ‘Mudge’ Zatko, a former Twitter security executive, about Twitter. Here’s a WashPo gift link if you hit a paywall: https://wapo.st/3clFzg2.

WashPo also hosted a Twitter Spaces chat on the same day. I noticed several former and existing Twitter employees listening in. I found the commentary and reporting fascinating and fairly nuanced.

Mudge filed the complaint last month with the SEC, DOJ, and FTC. He alleges that “Twitter executives deceived federal regulators and the company’s own board of directors about ‘extreme, egregious deficiencies’ in its defenses against hackers and its ‘meager efforts to fight spam,’ among other issues.” As one would expect, Twitter has responded and denied these allegations by pushing back and claiming that the allegations are creating a “false” narrative.

I haven’t read through the complaint in full yet, but my initial reactions are:

• Feeling surprised – I didn’t expect someone of Mudge’s stature or level of responsibility at the company to be a whistleblower. The cognitive dissonance for me is that I have an image of whistleblowers resorting to whistleblowing and taking a matter public inside of a power structure/framework in which they do not have power; whereas, in this case, Mudge has a level of power and privilege that I don’t associate with most whistleblowers. I recognize this is my own bias – and I believe wrongdoing is wrongdoing, regardless of who calls attention to it, but didn’t he have the responsibility and the tools to fix things from the inside? Mudge was hired by Jack after the security breach in 2020, given his past expertise. I was there when Mudge was introduced at #OneTeam, the company all-hands. Wasn’t Mudge hired to fix the very problems that he outlines in his claim? When working there, I don’t remember hearing much from him after he joined. The docs reflect him proposing and leading a company-level initiative, but then he was eventually fired. Is this a case of a high-level executive whose scope was “XYZ” (in this case, security) to then turn around and say, XYZ (security) is broken at the company? I guess by being fired, he didn’t have the opportunity to work on it any longer, but how much did he actually influence or impact when he was there. Regardless, I do acknowledge that because the claims are brought forward by someone of his stature and reputation, people are taking it seriously and engaging with it.
• Feeling confused – I’m confused about Mudge’s incentive for this whistleblower complaint and what his intention is. What’s the intended goal he hopes to achieve? What is the ideal scenario he has in mind for Twitter’s users and Twitter as a company? What’s the end game here that he is hoping for? What does he believe an investigation or regulatory oversight/influence will provide?
• Feeling validated – I’ve been frustrated with my own ability to effect change at Twitter. But if an executive with built-in power, privilege, credibility, a specific mandate, and team/resources couldn’t impact material change, it puts into context the environment I was working in. No wonder aspects of that job were so hard, especially as a woman of color working directly or tangentially on the issues that Mudge outlines in his complaint, before he even joined, while in the middle of one global or internal crisis after another.

I may share observations and thoughts at later date, but I’m not sure if I want to invite any unnecessary attention to myself. I do think it’s worth speaking the truth – and speaking truth to power or setting the record straight, if there are egregious inconsistencies that will have negative and lasting impacts on issues or people I care about. In other words, it has to be worth it to speak up.

From my initial glance at the complaint, I can say, it’s not as black or white as either party contends – Twitter (its company officers, spokespeople, and employees) or Mudge (the complaint, him, and his legal team). I hope lawmakers and the general public can see through these sweeping statements made by both sides. I believe these high-level, sweeping, generalized allegations and denials/rebuttals miss the mark and won’t actually built credibility or trust. I will be paying attention, but have not yet decided what to do. Maybe as a first step, I’ll read through the docs. 🙂